Job Specifications
Headway's mission is a big one - to build a new mental health care system everyone can access. We've built technology that helps people find great therapists with the first software-enabled national network of providers accepting insurance.
1 in 4 people in the US have a treatable mental health condition, but the majority of providers don't accept insurance, making therapy too expensive for most people. Headway is building a new mental healthcare system that everyone can access by making it easy for therapists to accept insurance and scale their practice.
Headway was founded in 2019. Since then, we've grown into a diverse, national network of over 60,000 mental healthcare providers across all 50 states who run their practice on our software and have served over 1 million patients. We're a Series D company with over $325m in funding from a16z (Andreessen Horowitz), Accel, GV (formerly Google Ventures), Spark Capital, Thrive Capital, Forerunner Ventures and Health Care Service Corporation.
We want your time here to be the most meaningful experience of your career. Join us, and help change mental healthcare for the better.
About The Role
Reporting to Headway's Director of Security, you'll have the opportunity to build and grow a world-class engineering team focused on securing the products and applications that powers Headway. You'll own our approach to application security, secure software development, and product-integrated security strategy across all aspects of Headway's services, systems, and user experiences.
Your team will be responsible for driving application-layer and product security efforts at scale. You'll lead the development of security features, tooling, and programs that enable our product and engineering teams to ship secure code and protect sensitive data throughout the software development lifecycle. You'll build and grow a pod through strategic planning, recruiting/hiring, people development, leading high-impact initiatives, and reporting on outcomes.
Your work will be deeply cross-functional, partnering closely with product, platform, and core engineering teams. You'll help teams bake security into product design, introduce secure-by-default tools and practices, and enable scalable threat modeling, secure coding, and proactive vulnerability management. You'll also collaborate with IT, infrastructure, and compliance teams to align product security goals with broader organizational risk and trust objectives.
What You'll Do
Own Headway's application and product security strategy, setting the vision and roadmap for securing all customer- and provider-facing experiences.
Build a best-in-class application security program that embeds secure development practices into the software development lifecycle (SDLC), including threat modeling, secure code reviews, and automated security testing.
Drive initiatives to improve security visibility and response within our products, including user-access controls, sensitive data handling, and in-app protections.
Partner with product and engineering teams to identify and mitigate risks in new features, third-party integrations, and architectural decisions. Act as a trusted advisor to engineering teams, fostering a culture of ownership, accountability, and security best practices.
Build tools, workflows, and documentation that help engineers write secure code and own their security responsibilities.
Create a highly engaged, operationally and technically excellent engineering culture within your pod.
Align product and platform engineering teams to security goals with regulatory, privacy, and compliance requirements; collaborating closely with privacy, legal, and compliance teams.
Support production incident response processes in partnership with engineering and Trust teams, helping to triage, remediate, and learn from security events.
You Will Love This Role If
You've managed or led security engineering teams and are excited to build and grow one from the ground up.
You have a strong background in application security and secure development practices, and have partnered closely with engineering teams.
You enjoy enabling developers to build safely and quickly through secure-by-default tooling and clear guidance.
You're comfortable working across domains--from product design to AWS infrastructure--using security as a force multiplier.
You thrive in highly collaborative environments and care deeply about empowering teams to do their best work securely.
You're motivated by Headway's mission to make mental healthcare more accessible and want to make a positive impact through security.
Tools We Use
Languages: Python 3, TypeScript
Frameworks & Libraries: FastAPI, React/Remix, SQLAlchemy
Cloud Infrastructure: AWS (ECS, RDS, S3), Kafka
Security Tooling: Semgrep, Wiz, Expel, Datadog
Access Management: Okta, Auth0, Teleport
Monitoring & Incident Response: Datadog, PagerDuty
Source Control: GitHub
WAF & Networking: Cloudflare
Our interview process
After you